OpenScape Branch / Session Border Controller (SBC) Multiple
OpenScape Branch / Session Border Controller (SBC) Multiple Vulnerabilities
Release Date : 2013-06-18
Criticality level : Moderately critical
Impact : Cross Site Scripting
Exposure of system information
Exposure of sensitive information
Where : From remote
Solution Status : Vendor Patch
OpenScape Session Border Controller (SBC)
SEC Consult has reported a weakness and multiple vulnerabilities in OpenScape Branch and Session Border Controller (SBC), which can be exploited by malicious people to disclose certain system and potentially sensitive information, conduct cross-site scripting attacks, and compromise a vulnerable appliance.
1) An unspecified error related to /core/getLog.php can be exploited to disclose e.g. CPU, memory, and disk usage and uptime.
2) Certain input passed to /core/handleTw.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
3) Certain input passed to /core/getLog.php is not properly verified before being used to read files. This can be exploited to disclose the contents of arbitrary files via directory traversal sequences.
4) An unspecified error related to /core/getLog.php can be exploited to execute arbitrary operating system (OS) commands with the privileges of the webserver.
The weakness and the vulnerabilities are reported in the following products and versions:
* OpenScape Branch versions prior to V2 R0.32.0 and V7 R1.7.0
* OpenScape SBC versions prior to V2 R0.32.0 and V7 R1.7.0
Update to versions V2 R0.32.0 or V7 R1.7.0.
Provided and/or discovered by:
Stefan Viehboeck, Michael Heinzl, and Florian Lukavsky, SEC Consult
Was this reply helpful? (0) (0)